FreeBSD 14 sshd adds trailing space on subsystem args

Hello all.

I've encountered this scp problem on FreeBSD 14.0. Now the default protocol is sftp on 14.
When I set command="..." in ~/.ssh/authorized_keys, the command is invoked with the SSH_ORIGINAL_COMMAND environment variable. However, the variable contains a trailing space. I checked the sshd source code and found that subsystem_args may contain a space if there isn't any argument defined in /etc/ssh/sshd_config.

Code:
# override default of no subsystems
Subsystem       sftp    /usr/libexec/sftp-server

In the process_server_config_line_depth function in servconf.c:
Code:
                options->subsystem_command[options->num_subsystems] =
                    xstrdup(arg);
                /* Collect arguments (separate to executable) */
                arg = argv_assemble(1, &arg); /* quote command correctly */
                arg2 = argv_assemble(ac, av); /* rest of command */
                xasprintf(&options->subsystem_args[options->num_subsystems],
                    "%s %s", arg, arg2);
                free(arg2);
Since arg2 (rest of command) doesn't have anything in this case, options->subsystem_args[] always has a trailing space. Does anybody know what the reason behind this is? Why isn't arg2 checked before appending it?
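
An added example, not part of the original post and not OpenSSH code: a forced-command wrapper for a `command="..."` key that strips trailing whitespace from SSH_ORIGINAL_COMMAND before an exact-match check, so the trailing space described above does not cause a false denial. It assumes the variable carries the `Subsystem sftp` command from the sshd_config excerpt above; the function names are hypothetical.

```sh
#!/bin/sh
# Added example: forced-command wrapper for an sftp-only key.
# Assumption: sshd_config has "Subsystem sftp /usr/libexec/sftp-server",
# so SSH_ORIGINAL_COMMAND is that path, possibly with a trailing space.
SFTP_SERVER="/usr/libexec/sftp-server"
TAB=$(printf '\t')

# Strip trailing spaces and tabs only. Leading and inner whitespace is
# kept, so the comparison below is still an exact match on the rest.
strip_trailing_ws() {
    s=$1
    while :; do
        case $s in
            *" "|*"$TAB") s=${s%?} ;;
            *) break ;;
        esac
    done
    printf '%s' "$s"
}

# Return 0 only when the request is the bare sftp subsystem command.
# Extra arguments are rejected because the key should not choose them.
is_sftp_request() {
    [ "$(strip_trailing_ws "$1")" = "$SFTP_SERVER" ]
}

# Act only when sshd set SSH_ORIGINAL_COMMAND. When it is unset
# (interactive login, or the file is sourced) nothing is executed.
if [ -n "${SSH_ORIGINAL_COMMAND+set}" ]; then
    if is_sftp_request "$SSH_ORIGINAL_COMMAND"; then
        exec "$SFTP_SERVER"
    fi
    echo "denied: command not permitted for this key" >&2
    exit 1
fi
```
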
 
According to the release notes for FreeBSD 14.0, OpenSSH was upgraded to version 9.5p1 (up from 9.3p2 on 13.2-RELEASE). The portable release is available on GitHub, here:


With the caveats that (a) my knowledge of C is rudimentary and (b) this is the first time looking at OpenSSH's source code, a quick git clone of that repo and git blame shows that that code segment was introduced in commit e19069c9fa on 2023-09-06 23:23:53 UTC. The comment suggests that the code block you quoted was meant to improve the way commands and arguments are quoted.

If you think you've found a bug, I suggest filing a problem report with the OpenBSD project.
 
Hi samjenk. Thank you for checking the source code on git. I didn't know when the code was changed, and it's a rather new update. Anyway, I created a bug report on the OpenSSH Bugzilla.
 